[java][jersey2] Differentiate request with no body vs request that contains the null value

[sebastien-rosset]

Two scenarios need to be differentiated:

1. HTTP requests may have an empty body, e.g. HTTP GET requests.
2. HTTP requests may also have a body with the 'null' value.

We need to be able to differentiate these two cases when serializing the body. In particular, for HTTP GET request which have an empty body, the input object was set to null, and it was serialized as the 'null' value instead of the empty string.

This leads to incorrect message digest being calculated.

PR checklist

• Read the contribution guidelines.
• If contributing template-only or documentation-only changes which will change sample output, build the project beforehand.
• Run the shell script ./bin/generate-samples.shto update all Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master. These must match the expectations made by your contribution. You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/config/java*. For Windows users, please run the script in Git BASH.
• File the PR against the correct branch: master
• Copy the technical committee to review the pull request if your PR is targeting a particular programming language.

[auto-labeler]

👍 Thanks for opening this issue!
🏷 I have applied any labels matching special text in your issue.

The team will review the labels and make any necessary changes.

[sebastien-rosset]

@wing328 , I'm a bit confused why updateParamsForAuth invokes serializeToString, but the request body is serialized using a different function. That means an authorization scheme that processes the message body may provide incorrect authorization data.
For example, the calculate message digest may be different because the body is serialized using two different functions.

[wing328]

I agree ideally they should be using the same function to come up with the request body.

[sebastien-rosset]

thanks. I propose that we tackle this in a follow-up PR, what do you think? I see some discrepancies between serializeToString and serialize.

[sebastien-rosset]

@bbdouglas (2017/07) @sreeshas (2017/08) @jfiala (2017/08) @lukoyanov (2017/09) @cbornet (2017/09) @jeff9finger (2018/01) @karismann (2019/03) @Zomzog (2019/04) @lwlee2608 (2019/10) @bkabrda (2020/01)